Privacy Policy

1. Introduction

At Resynced ("we," "our," or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our centralized authentication service and associated platforms (the "Service"). This policy applies to all users of our Service.

We are committed to protecting your personal data and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR). We do not sell, rent, or share your personal information with third parties for their marketing purposes.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when you register for an account, update your profile, or communicate with us. This includes:

• Account Information: Username, email address, password (encrypted), and display name
• Profile Information: Profile picture (avatar), bio, and any other information you choose to add to your profile
• Communication Data: Information you provide when you contact us for support or report issues
• Authentication Data: Information related to your authentication sessions and OAuth authorizations

2.2 Automatically Collected Information

When you access our Service, we automatically collect certain information about your device and usage:

• Log Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
• Usage Data: Information about how you use our Service, including access times, pages viewed, and the pages you visited before navigating to our Service
• Device Information: Device type, unique device identifiers, and mobile network information
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar tracking technologies to track activity on our Service and store certain information

2.3 Information from Third-Party Services

When you authorize third-party services to access your Resynced account, we may share certain information with those services based on the permissions you grant. We do not receive information from third-party services unless you explicitly authorize such access.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To create and manage your account, authenticate your identity, and provide access to our Service and associated platforms
• OAuth Integration: To facilitate single sign-on (SSO) functionality and share authorized information with third-party services you choose to connect
• Communication: To send you service-related notifications, security alerts, and respond to your inquiries
• Security and Fraud Prevention: To detect, prevent, and address technical issues, fraudulent activity, and security vulnerabilities
• Service Improvement: To analyze usage patterns and improve our Service, develop new features, and enhance user experience
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests
• Account Management: To manage your account preferences, settings, and OAuth authorizations

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the specific context:

• Contractual Necessity: We process your information to perform our contract with you (providing the Service)
• Legitimate Interests: We process your information for our legitimate interests, such as improving our Service, security, and fraud prevention
• Consent: We may process your information based on your explicit consent, which you can withdraw at any time
• Legal Obligation: We may process your information to comply with legal obligations

5. Information Sharing and Disclosure

5.1 Third-Party Services (OAuth)

When you authorize a third-party service to access your Resynced account, we share only the information covered by the permissions you explicitly grant. This may include your email address, username, profile picture, and other profile information. You can review and revoke these authorizations at any time through your account settings.

5.2 Service Providers

We may share your information with trusted third-party service providers who assist us in operating our Service, such as hosting providers, email services, and analytics providers. These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), including to meet national security or law enforcement requirements.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5.5 What We Don't Do

We do not sell, rent, or share your personal information with third parties for their direct marketing purposes. We do not use your information for advertising purposes or share it with advertising networks.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria we use to determine retention periods include:

• The length of time we have an ongoing relationship with you and provide the Service
• Whether there is a legal obligation to which we are subject (e.g., certain laws require us to keep records of your transactions)
• Whether retention is advisable in light of our legal position (e.g., regarding applicable statutes of limitations, litigation, or regulatory investigations)

When we no longer need to use your information, we will remove it from our systems and records or anonymize it so that you can no longer be identified from it.

7. Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

You have the right to request a copy of the personal information we hold about you. You can export your data at any time through your account settings.

7.2 Rectification

You have the right to correct inaccurate or incomplete personal information. You can update most information directly through your account settings.

7.3 Erasure

You have the right to request deletion of your personal information under certain circumstances. You can delete your account at any time through your account settings, or contact us to request deletion.

7.4 Restriction

You have the right to request that we restrict the processing of your personal information under certain circumstances, such as when you contest the accuracy of the data or object to processing.

7.5 Objection

You have the right to object to our processing of your personal information where we are relying on legitimate interests as the legal basis for processing.

7.6 Withdrawal

Where we are relying on consent to process your personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

7.7 Complaint

If you are located in the EEA, you have the right to lodge a complaint with a data protection supervisory authority if you believe we have processed your personal information unlawfully.

To exercise any of these rights, please contact us using the contact information provided at the end of this Privacy Policy. We will respond to your request within 30 days.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: All data transmitted between your device and our servers is encrypted using industry-standard SSL/TLS protocols. Passwords are hashed using strong cryptographic algorithms
• Access Controls: We restrict access to personal information to employees, contractors, and agents who need that information to process it for us and are subject to strict contractual confidentiality obligations
• Security Monitoring: We continuously monitor our systems for potential vulnerabilities and attacks, and regularly review our security practices
• Secure Infrastructure: Our servers are hosted in secure data centers with physical and digital security measures
• Regular Audits: We conduct regular security audits and vulnerability assessments

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

9. Cookies and Tracking

9.1 What Are Cookies

Cookies are small text files stored on your device that help us provide and improve our Service. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted or expired).

9.2 Types of Cookies

• Essential Cookies: Required for the Service to function properly, such as authentication and security cookies
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences
• Analytics Cookies: Help us understand how users interact with our Service so we can improve it
• Security Cookies: Used to detect and prevent fraudulent activity and enhance security

9.3 Managing Cookies

Most web browsers allow you to control cookies through their settings preferences. However, if you disable cookies, some features of our Service may not function properly. You can also use browser extensions to manage tracking technologies.

10. International Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction.

If you are located outside the country where our servers are located and choose to provide information to us, please note that we transfer the data to our servers and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

For transfers from the EEA to countries that do not provide an adequate level of data protection, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from children under 13 without verification of parental consent, we will take steps to remove that information from our servers. For users between 13 and 18, we recommend obtaining parental consent before using our Service.

12. Third-Party Services

Our Service may contain links to third-party websites, applications, or services that are not operated by us. When you authorize third-party services through OAuth, those services operate independently from Resynced.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit and every service you authorize.

The information shared with third-party services through OAuth is governed by both this Privacy Policy (for what we share) and the third party's privacy policy (for what they do with that information).

13. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and applicable supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR and other applicable laws.

Our notification will include the nature of the breach, the categories and approximate number of affected users, the likely consequences, and the measures we have taken or propose to take to address the breach and mitigate potential adverse effects.

14. Do Not Track

Some web browsers incorporate a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to have your online activity tracked. Currently, we do not respond to DNT signals because there is no industry standard for how DNT should be implemented. We will continue to monitor developments around DNT browser technology.

15. California Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA):

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out: You have the right to opt-out of the sale of your personal information. Note: We do not sell personal information
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights

To exercise these rights, please contact us using the information provided below. We will verify your identity before processing your request and respond within 45 days.

16. Policy Changes

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page and updating the "Last updated" date
• Sending you an email notification at the email address associated with your account
• Displaying a prominent notice on our Service

We encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Service after we post modifications constitutes your acceptance of the updated Privacy Policy.

17. Contact Information

Resynced is the data controller responsible for your personal information. If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all requests, inquiries, or concerns within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

18. Acknowledgment

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED HEREIN. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, PLEASE DO NOT USE OUR SERVICE.